
WebSpace Datasheet - Security

NexPrise has provided secure online content management for large corporations and government agencies since 1997. They own and carefully monitor servers stored in a highly secure data center. Customer data is strictly segregated and encrypted both in storage and backups. NexPrise utilizes extensive security measures including firewalls, intrusion detection, redundancy, and 24/7 monitoring to ensure customer data is safeguarded.

Uploaded by

tlesher8504
Copyright
© Attribution Non-Commercial (BY-NC)

Protecting your Data and Documents

NexPrise has been in business since 1997 and has a long, unblemished history of providing secure online content management
and collaboration environments for some of the world’s largest corporations and government agencies. In fact, WebSpace
was initially conceived within the Lockheed Martin Palo Alto Research Lab with funding from the Defense Advanced Research
Projects Agency (DARPA). With direct input from the National Security Agency (NSA) and major defense contractors, the
WebSpace security model and hosting infrastructure have been a primary focus since day one.

If you’re considering a NexPrise-hosted WebSpace environment, we know that moving your company’s intellectual property on
to our servers and into “The Cloud” may concern you. For example, you’re probably asking yourself questions such as:

• What kind of track record does NexPrise have in hosting and safeguarding proprietary data?
• Where and how will my company’s data be stored?
• Who will have access to it?
• How will it be monitored and backed up?
• Will we be able to get our documents out of WebSpace if we elect to terminate our subscription?
• How are passwords managed?
• How are access rights enforced within the software?
• How is encryption leveraged?

The NexPrise Data Center

NexPrise owns, operates and monitors all of its own servers, storage devices and other equipment from dedicated and locked
cages within a $100M AT&T data center in Irvine, CA. This SAS-70 Type II certified facility provides the physical environment
necessary to keep NexPrise servers up and running 24 hours a day, 7 days a week. It is custom designed with raised floors,
redundant diesel generator backups, redundant battery UPS systems, seismic reinforced bracing for earthquakes, HVAC
temperature control systems with separate cooling zones, and seismically braced racks. It also offers the widest range of
physical security features, including state-of-the-art smoke detection and fire suppression systems, motion sensors, biometric
scanners for entry, multiple man-traps, and 24x7 secured access, as well as video camera surveillance and security breach
alarms.

Physical Access

Only a few authorized NexPrise administrators have physical access to the hosting facility. These individuals are all U.S. citizens
who must follow strict security protocols to enter the building and the secure NexPrise cages.

These designated NexPrise administrators are also the only people with remote access to the servers for monitoring and
maintenance. At no time do other persons have access or visibility of any kind to customer hosted data, computer monitors
displaying hosted data or materials, back-up tapes, operational information, reports, etc.

Firewall

NexPrise utilizes an enterprise-class industry standard firewall appliance to ensure controlled access to all devices within the
data center network. The only port open to the internet cloud is the HTTPS port (443).

P a g e |1 NexPrise Inc. | 5963 La Place Ct., Suite 302 | Carlsbad, CA 92008 | 760-804-1331 | www.nexprise.com
Intrusion Detection System

NexPrise utilizes industry standard intrusion detection/prevention software to monitor ways in which the customer server is
accessed. Logs are monitored by NexPrise personnel and reviewed on a regular basis to analyze attack patterns and to ensure
all attempts are thwarted.

Failover

In the event of hardware failure, redundant systems are in place. Servers have multiple power supplies connected to separate
data center power sources, data is stored on RAID-5 storage partitions, and spare application servers are available in the
unlikely event of a hardware failure.

24/7 System Monitoring

NexPrise administrators are on call around the clock to respond to any system degradation or outage. Monitoring software is
used to monitor critical signs of system health, and automatic alerts are triggered under certain conditions.

Backup Operations

All customer data is backed up to tape on the following schedule:

• Nightly incremental backups
• Weekly full backups
• Monthly full backups are transferred off-site to an Iron Mountain storage facility

The monthly backup tapes are handed off to an Iron Mountain representative for delivery to a secure Iron Mountain storage
facility. The tapes are kept in a locked container during transit and a record of all tape deliveries is accessible to authorized
NexPrise personnel via an Iron Mountain Web portal. In addition, all data on these tapes is encrypted during the backup
process, rendering the tapes useless without the encryption key. Tapes are destroyed after 7 years. If desired, a customer can
request to have their data excluded from long term tape backup.

Data Recovery

Restore requests can typically be handled within 1 business day unless tapes need to be retrieved from off-site storage, in
which case they can be handled within 5 business days. A fee is associated with data recovery from off-site tape.

Data Export & Transfer

In the event you terminate your WebSpace subscription and would like all your WebSpace data exported to you in a
neutral format, NexPrise can provide it on a DVD or other storage medium for a modest fee. You will receive an XML export
file containing all your database content plus all of your associated documents.

Password Management

Each NexPrise customer has full control over their own WebSpace password rules. Password length, format, expiration, and
reset settings are all configurable to match your corporate policy.

Data Segregation & Storage

While NexPrise utilizes shared hardware and storage resources to achieve economies of scale, each WebSpace customer has
their own dedicated WebSpace server instance and storage partition for complete information segregation. This allows easier
management of customer-specific server configurations and lets customers decide when they want to upgrade to new versions.

NexPrise utilizes a 3-tier architecture consisting of a Web tier, an application tier, and a database tier. The web and application
tiers reside on a server which is publicly accessible over the Internet. All ports to the server are locked out (via firewall rules)
except port 443 (HTTPS). All end user connections to the server are controlled and encrypted (similar to an online banking site).
The database server is not publicly accessible over the internet at all.

As for document storage, NexPrise utilizes a dedicated SAN storage array. Documents uploaded to WebSpace are only
accessible through the WebSpace application by authenticated users. The database contains document attribute and security
information, with location pointers to the files on the secure storage array. The files on the storage array are in
customer-specific data partitions with file names converted to random numbers upon upload. Even authorized NexPrise administrators
with direct access to the storage array in the data center can’t visually identify specific customer files without being granted
access through the WebSpace application itself.

Encryption

All users connect to a WebSpace server via a 256-bit encrypted connection (HTTPS) and must authenticate via username and
password and have the appropriate access rights to view or download a document or other content. The content of files
uploaded to a WebSpace server is not altered in any way, and there’s no limit to the type or size of files which can be
managed in WebSpace. All files downloaded from a WebSpace server remain exactly as they were uploaded.

When NexPrise produces backup tapes for secure off-site storage, the information on those tapes is encrypted (rendering the
tapes useless without the encryption key).

Access Rights within WebSpace


Once a user has logged into a WebSpace server with a valid username and password, they are instantly identified with certain
system access credentials. All users must be explicitly invited to secure WebSpace Project areas and granted access to various
documents or folders within the Project. To ease administration, a user’s access rights to a particular project area may be
governed by their company affiliation or certain roles they have been added to. In no case can users access any content unless
an administrator has granted them the appropriate privileges. For large environments, user administration can be safely
distributed across collaborating partners. Also, certain projects and users can be flagged as “Restricted” to prevent
administrators from inadvertently inviting certain users to sensitive projects. This is particularly useful as a safeguard to
prevent non-U.S. persons from being invited to projects containing ITAR data (data subject to U.S. export control laws).

Detailed Security Logging


All user activity on a customer’s server is audited. Customer WebSpace server administrators have access to this information
in the form of detailed security reports. When and what every user has looked at and/or modified on the server is tracked.

Need More Information?


For more information, or to schedule an audit of our hosting facility, please contact NexPrise at the number below.
